Jerry Gamblin

Name of the Vulnerable Software and Affected Versions cveInterface.js (affected versions not specified) Description A cross-site scripting (XSS) issue exists in cveInterface.js. The component trusts input received from CVE API services, allowing injected HTML to be displayed. Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions versions prior to 2026 Description The stored API keys in a temporary browser client are not adequately protected, potentially allowing extraction of encryption credentials through JavaScript console errors or similar mechanisms. This could expose sensitive information. Recommendations Update to a version after 2026.